Nascleanúint
RGCS (GDPR) > Airteagal 18. An ceart go gcuirfí srian le próiseáil
Íoslódáil PDF

Airteagal 18 RGCS (GDPR). An ceart go gcuirfí srian le próiseáil

Article 18 GDPR. Right to restriction of processing

1. Beidh sé de cheart ag an ábhar sonraí go gcuirfidh an rialaitheoir srian le próiseáil i gcásanna ina bhfuil feidhm ag ceann amháin díobh seo a leanas:

1. The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:

Tráchtaireacht
(EN) Author
(EN) Siarhei Varankevich CIPP/E, CIPM, CIPT, MBA, FIP
FIP_IAPP
(EN) Co-Founder & CEO of Data Privacy Office LLC. Data Protection Trainer and Principal Consultant

(a) cuireann an t-ábhar sonraí i gcoinne chruinneas na sonraí pearsanta ar feadh tréimhse le go bhféadfaidh an rialaitheoir cruinneas na sonraí pearsanta a fhíorú;

(a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;

(b) i gcás ina bhfuil an phróiseáil neamhdhleathach agus ina gcuireann an t-ábhar sonraí i gcoinne léirscriosadh na sonraí pearsanta agus ina n-iarrann sé go gcuirfear srian lena n-úsáid in áit iad a scriosadh;

(b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;

(c) níl na sonraí de dhíth ar an rialaitheoir a thuilleadh chun críocha na próiseála, ach tá siad de dhíth ar an ábhar sonraí chun éilimh dhlíthiúla a bhunú, a fheidhmiú nó a chosaint; nó

(c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;

(d) tá curtha i gcoinne próiseála ag an ábhar sonraí de bhun Airteagal 21(1) go dtí go bhfíorófar an mbeidh sáraíocht ag forais dhlisteanacha an rialaitheora ar fhorais dhlisteanacha an ábhair sonraí.

(d) the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.

Téacsanna gaolmhara

2. I gcás gur srianadh an phróiseáil faoi mhír 1, ní fhéadfar sonraí pearsanta den sórt sin a phróiseáil, seachas iad a stóráil, ach amháin le toiliú an ábhair sonraí nó le go ndéanfar éilimh dhlíthiúla a bhunú, a fheidhmiú nó a chosaint nó le go gcosnófaí cearta duine eile nádúrtha nó dlisteanach nó ar chúiseanna a bhaineann le leas tábhachtach de chuid pobal an Aontais nó de chuid pobal Ballstáit.

2. Where processing has been restricted under paragraph 1, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

ISO 27701

(EN) ISO/IEC 27701, adopted in 2019, added additional ISO/IEC 27002 guidance for PII controllers.

Here is the relevant paragraph to article 18(2) GDPR:

7.2.2 Identify lawful basis

Control

The organization should determine, document and comply with the relevant lawful basis for the processing of PII for the identified purposes.

Implementation guidance

Some jurisdictions require the organization to be able to demonstrate that the lawfulness of processing was duly established before the processing.

(EN) […]


to read the full text

3. Ábhar sonraí a fuair an srianadh ar phróiseáil de bhun mhír 1, cuirfidh an rialaitheoir ar an eolas é sula gcuirfear deireadh leis an srianadh ar phróiseáil.

3. A data subject who has obtained restriction of processing pursuant to paragraph 1 shall be informed by the controller before the restriction of processing is lifted.

ISO 27701

(EN) ISO/IEC 27701, adopted in 2019, added additional ISO/IEC 27002 guidance for PII controllers.

Here is the relevant paragraph to article 18(3) GDPR:

7.3.2 Determining information for PII principals

Control

The organization should determine and document the information to be provided to PII principals regarding the processing of their PII and the timing of such a provision.

Implementation guidance

The organization should determine the legal, regulatory and/or business requirements for when information is to be provided to the PII principal (e.g. prior to processing, within a certain time from when it is requested, etc.) and for the type of information to be provided.

(EN) […]


to read the full text

Tráchtaireacht ISO 27701 Recitals Leave a comment
Tráchtaireacht

(EN) The right to restriction of processing is one of the eight rights granted by the GDPR, but it is not the easiest one to understand at first glance. It can be summed up as an obligation on behalf of the controller to retain data, but they can neither be processed in any other manner nor modified.

(EN) […]


to read the full text

(EN) Author
Louis-Philippe Gratton
(EN) Louis-Philippe Gratton PhD, LLM
(EN) Privacy Expert

(EN)

Data Subject Request Letter Sample

Concern: Request to restrict the processing of my personal data

Dear Madam, Dear Sir,

I am entitled to ask you to restrict the processing of my personal data under Article 18(1) of the General Data Protection Regulation (GDPR)…

(EN) […]


to read the full text

(EN) Author
Louis-Philippe Gratton
(EN) Louis-Philippe Gratton PhD, LLM
(EN) Privacy Expert
ISO 27701

(EN) ISO/IEC 27701, adopted in 2019, added additional ISO/IEC 27002 guidance for PII controllers.

Here is the relevant paragraph to article 18 GDPR:

7.3.4 Providing mechanism to modify or withdraw consent

Control

The organization should provide a mechanism for PII principals to modify or withdraw their consent.

Implementation guidance

The organization should inform PII principals of their rights related to withdrawing consent (which may vary by jurisdiction) at any time, and provide the mechanism to do so.

(EN) […]


to read the full text

Recitals

(67) I modhanna chun srian a chur leis an bpróiseáil a dhéantar ar shonraí pearsanta, d'fhéadfaí a áireamh, inter alia, na sonraí a roghnaítear a aistriú go sealadach chuig córas eile próiseála, rud a chuirfeadh na sonraí pearsanta a roghnaítear ar fáil d'úsáideoirí, nó na sonraí a foilsíodh a bhaint de shuíomh gréasáin ar bhonn sealadach. I gcórais chomhdúcháin uathoibrithe, is trí bhealach teicniúil ba cheart an srianadh ar phróiseáil sonraí pearsanta a áirithiú i bprionsabal ar shlí nach bhfuil na sonraí pearsanta faoi réir tuilleadh oibríochtaí próiseála agus nach féidir iad a athrú. Ba cheart a léiriú go soiléir sa chóras go bhfuil srian ar shonraí pearsanta a phróiseáil.

(67) Methods by which to restrict the processing of personal data could include, inter alia, temporarily moving the selected data to another processing system, making the selected personal data unavailable to users, or temporarily removing published data from a website. In automated filing systems, the restriction of processing should in principle be ensured by technical means in such a manner that the personal data are not subject to further processing operations and cannot be changed. The fact that the processing of personal data is restricted should be clearly indicated in the system.

Leave a comment
[js-disqus]